We'll certainly be doing our utmost to incentivize developers to move
to OAuth. The next major version of the API will be OAuth-only, for
example.

Of course, once we offer OAuth, it would be nice to see the same
community pressure that's been applied to us put towards companies
like Amazon. The Amazon.com iPhone app collects my username and
password, and that account is actually tied to my credit card
information. Where are the blog posts about their anti-patterns?

On Sun, Jan 4, 2009 at 11:23, Chris Messina <chris.mess...@gmail.com> wrote:
>
> On Jan 2, 11:31 pm, "Jesse Stay" <jesses...@gmail.com> wrote:
>
>> Well put Chris - I had forgotten about that.  I just want something - I
>> don't care what, but I need it soon, as it's starting to make it really
>> difficult to market my App and keep users feeling secure.  I *hate* knowing
>> my users' Twitter passwords (I have over 5,000 of them - it's really scary
>> that I do).  I sincerely hope this is top priority for Twitter right now -
>> it should have been implemented last year so long as they have an API in
>> place.  On my App, it took about 2 hours max to write, test, and implement a
>> very simple API key system like this for the API I'm providing. I don't get
>> why it's taking Twitter so long.
>
> John Adams from Twitter's operations team replied to my post on this
> subject:
>
> "The plan is to support Basic Auth and OAuth concurrently, for at
> least 6 months, if not more.
>
> "We can't completely turn off the Basic Auth API without having a
> large impact to many APIs and clients."
>
> http://factoryjoe.com/blog/2009/01/02/twitter-and-the-password-anti-pattern/comment-page-1/#comment-103431
>
> So, you will be given an option (no telling when) to use OAuth instead
> of the plaintext username/password combo.
>
> Of course it means many folks will still use the lowest common
> denominator (and the most insecure method available) for some time,
> but at least there will be a good transitional time period where
> developers who want to use OAuth can do so, paving a path for those
> who will need to migrate later.
>
> Heck if Flickr could get its user base to move over to Yahoo accounts,
> I imagine Twitter will be able to get app developers and users to move
> over to OAuth in six months.
>
> Chris
>



-- 
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x
